
Fix for ssl client renegotiation SSL error

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@166 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
cameronrich 2009-12-12 04:11:56 +00:00
parent 1e8e818242
commit 13dee95d97
3 changed files with 17 additions and 2 deletions


@ -100,6 +100,7 @@ extern "C" {
#define SSL_ERROR_INVALID_KEY -269 #define SSL_ERROR_INVALID_KEY -269
#define SSL_ERROR_FINISHED_INVALID -271 #define SSL_ERROR_FINISHED_INVALID -271
#define SSL_ERROR_NO_CERT_DEFINED -272 #define SSL_ERROR_NO_CERT_DEFINED -272
#define SSL_ERROR_NO_CLIENT_RENOG -273
#define SSL_ERROR_NOT_SUPPORTED -274 #define SSL_ERROR_NOT_SUPPORTED -274
#define SSL_X509_OFFSET -512 #define SSL_X509_OFFSET -512
#define SSL_X509_ERROR(A) (SSL_X509_OFFSET+A) #define SSL_X509_ERROR(A) (SSL_X509_OFFSET+A)


@ -1230,8 +1230,16 @@ int basic_read(SSL *ssl, uint8_t **in_data)
switch (ssl->record_type) switch (ssl->record_type)
{ {
case PT_HANDSHAKE_PROTOCOL: case PT_HANDSHAKE_PROTOCOL:
if (ssl->dc != NULL)
{
ssl->dc->bm_proc_index = 0; ssl->dc->bm_proc_index = 0;
ret = do_handshake(ssl, buf, read_len); ret = do_handshake(ssl, buf, read_len);
}
else /* no client renogiation allowed */
{
ret = SSL_ERROR_NO_CLIENT_RENOG;
goto error;
}
break; break;
case PT_CHANGE_CIPHER_SPEC: case PT_CHANGE_CIPHER_SPEC:
@ -1402,6 +1410,7 @@ int send_alert(SSL *ssl, int error_code)
case SSL_ERROR_INVALID_HANDSHAKE: case SSL_ERROR_INVALID_HANDSHAKE:
case SSL_ERROR_INVALID_PROT_MSG: case SSL_ERROR_INVALID_PROT_MSG:
case SSL_ERROR_NO_CLIENT_RENOG:
alert_num = SSL_ALERT_HANDSHAKE_FAILURE; alert_num = SSL_ALERT_HANDSHAKE_FAILURE;
break; break;
@ -1958,6 +1967,10 @@ EXP_FUNC void STDCALL ssl_display_error(int error_code)
printf("no certificate defined"); printf("no certificate defined");
break; break;
case SSL_ERROR_NO_CLIENT_RENOG:
printf("client renegotiation not supported");
break;
case SSL_ERROR_NOT_SUPPORTED: case SSL_ERROR_NOT_SUPPORTED:
printf("Option not supported"); printf("Option not supported");
break; break;
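Review bot: The new `if (ssl->dc != NULL)` guard in `basic_read` uses the disposable handshake context as its only marker that the handshake has finished, and nothing at the guard says so; the link is only hinted at by the comment added after `disposable_free(ssl)` in the client handshake file. I would replace the `else` comment with `/* ssl->dc is released after Finished, so a later handshake record is a renegotiation attempt: refuse it */`. The refusal is mapped in `send_alert` to `SSL_ALERT_HANDSHAKE_FAILURE`, so a peer's HelloRequest now presumably ends the session instead of being ignored or answered with TLS's `no_renegotiation` warning; that is the safer default, but it should be stated in the comment so it is not later read as a bug. `basic_read` takes any `SSL *`, so if server-side sessions release `dc` the same way, this branch also rejects them under a "client" error name, which is worth confirming. The body of `basic_read` starts and ends outside this hunk.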


@ -123,6 +123,7 @@ int do_clnt_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len)
case HS_FINISHED: case HS_FINISHED:
ret = process_finished(ssl, hs_len); ret = process_finished(ssl, hs_len);
disposable_free(ssl); /* free up some memory */ disposable_free(ssl); /* free up some memory */
/* note: client renogiation is not allowed after this */
break; break;
case HS_HELLO_REQUEST: case HS_HELLO_REQUEST: